- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Migrating user from trusted hp-ux to untrusted...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-02-2009 11:04 PM
тАО12-02-2009 11:04 PM
http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=109447626+1259823029263+28353475&threadId=1212160
Solution suggested in the discussion is for migrating from trusted system to another trusted system.
However I am trying to do the same but to migrate to untrusted system.
My opinion is that the only different is /etc/passwd is * instead of the encrypted password.
In trusted system, encrypted password is in tcb file structure.
My question is:
1. Is it possible to use encrypted password in the tcb file structure but in /etc/passwd. Will this work in untrusted system?
2. Is there any script that do this. I.e migrate user from trusted hp-ux machine to untrusted hp-ux machine.
3. If there is no such script, any advice for me if I'm going to write it.
My objective is to migrate the user exactly as it is configured in the trusted server. Would like to do this without any impact to the trusted server. For instance, not looking forward to make the trusted server to untrusted and then copying /etc/passwd ... or such.
Thanks in advance!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2009 04:27 AM
тАО12-03-2009 04:27 AM
Re: Migrating user from trusted hp-ux to untrusted hp-ux
You could perhaps migrate user from trusted to trusted and after that untrusted them with tsconvert -r
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=839509
You could test to untrusted your trusted hpux, get a copy of the /etc/passwd and after that re-trusted it.
HTH.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-04-2009 03:57 AM
тАО12-04-2009 03:57 AM
Re: Migrating user from trusted hp-ux to untrusted hp-ux
I proceed with the step as in migrating user from trusted to trusted.
It works. Eventhough I am migrating user from trusted to untrusted system.
I guess it boils down to this:
1. If /etc/passwd have * in the password field. In untrusted system, the account should be blocked.
HOWEVER
2. After copying the tcb folder structure. Having * in /etc/passwd does not block the user if there the user exist in tcb file structure
Can anyone confirm this? I think this is what happen in my case. But not sure about it.
Thanks in advance!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-04-2009 07:47 AM
тАО12-04-2009 07:47 AM
Re: Migrating user from trusted hp-ux to untrusted hp-ux
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-06-2009 09:50 PM
тАО12-06-2009 09:50 PM
Re: Migrating user from trusted hp-ux to untrusted hp-ux
I think you are replying to my first post. The way I understand it is:
1. If upon checking encrypted password in the tcb structure, it is exactly 13 character. In this situation I can copy the encrypted password from tcb structures to /etc/passwd. And it will work!
2. If upon checking encrypted password in the tcb file structure, it is more than 13 characters (which is exactly 26 characters). This means that the encrypted password can not be copied into /etc/password as it will not work.
Thanks for you answer to my original post.
However, I have follow the step that involve copying tcb file structures. And it looks like doing so solve my problem.
Possibly because copying the tcb file structure to untrusted system cause the system to be automatically become trusted.
Appreciate it if someone can confirm this.
TIA
Haris
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-06-2009 10:23 PM
тАО12-06-2009 10:23 PM
SolutionSo if you copy the entire /tcb file hierarchy from a trusted system to an untrusted one, including /tcb/files/auth/system/default, that makes the second system trusted too.
----
If you get the encrypted password strings from the /tcb file structure and move them to /etc/passwd, it will sort of work _if and only if_ the user's passwords are 8 characters long or shorter.
The trusted system mode uses an expanded version of traditional Unix password hashing algorithm. If the password is 8 characters or less, the encryption result is compatible with the traditional algorithm; but if the password is longer than that, the algorithm will produce an incompatible extended password hash.
When the HP-UX system is in untrusted mode, the password hashing algorithm used in /etc/passwd is strictly the traditional one. If a trusted-mode encrypted password (with unencrypted length of 9 or more characters) is copied to /etc/passwd, logging in to that account becomes impossible until the password is changed.
In the non-trusted mode, the user can type more than 8 characters into the password prompt - but only the first 8 characters will be passed to the encryption process, producing a standard-length Unix password hash. This hash will then be compared with the stored password hash: if they match, the password is accepted. But if an extended password hash is copied to /etc/passwd, the encrypted strings will not be of equal length and the comparision will always fail.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-07-2009 02:22 AM
тАО12-07-2009 02:22 AM
Re: Migrating user from trusted hp-ux to untrusted hp-ux
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-07-2009 02:25 AM
тАО12-07-2009 02:25 AM